Smart wearables like Fitbits and Smartwatches have become a trend in the society and this does seem to come to an end. Rather we expect to see more varieties of these smart wearables in the coming times. Smart wearables make our lives more integrated with technology, a Fitbit can track our workout levels, help in improving our sleep quality, monitoring heart rate and blood levels. Meanwhile a Smartwatch does more than just proving us the “Time” but also allows us to read our emails, view text messages, track the incoming calls and browse the internet. Well, this does make our lives easy? Isn’t it? But let’s just not forget the golden rule of technology, user experience comes at the cost of security!
Let’s find out how!
While the sales of these smart wearables are on the BOOM! And a fitness enthusiastic will be happy to track their performance or a person conscious about their health would be monitoring their blood and sugar levels, not wondering what others would do with this data if they were to have access to it? Imagine your health insurer makes a data sharing agreement with your fitness device manufacturer? What would happen to your healthcare costs if your provider decided that your data shows that you live a less than healthy lifestyle. Would they even go as far as to drop you as a customer? Our concern shouldn’t be limited just to these thoughts. This can be more serious if a bad actor gets access to our workout patterns they can easily determine when a person is not at home. I think I don’t need to tell you what more a criminal can do after that really!
Thinking to quit using your beloved smartwatch? Not a good idea!
If your Fitbit or smartwatch are used for collecting information about you. This is a problem! But there is a solution to it. The manufacturer can simply aggregate and anonymize all such data, and refuse to release any such sensitive information about a particular person. Many manufacturers have taken this approach where such information will only be shared in an anonymized way without revealing their customers identity. This seems pretty straight forward but there are technical issues to this solution which makes you anonymous but to only a certain extent.
You can be anonymous but you can’t change the way you WALK!
Even if we managed de-identify the user’s information removing the user name, address etc. It is pretty easy to re-identify the dataset. The reason is straightforward: each of us has a unique gait. This means that if I knew something about an individual Fitbit user’s gait or style of walking, I could use that information to identify that individual among the millions of anonymized Fitbit users’ data. I would then have access to all of that user’s other Fitbit data, which would now be re-associated with her. As Ira Hunt, Chief Technology Officer of the Central Intelligence Agency, put it: “Simply by looking at the data [From a Fitbit] they can find out . . . with pretty good accuracy what your gender is, whether you’re tall or you’re short, whether you’re heavy or light, . . . and you can be 100% . . . identified by simply your gait how you walk.”
Anonymity and de-identification are extremely difficult in sparse datasets and a person can be easily re-identified as every individual have unique dataset.
Example: If a bad actor has access to that anonymized dataset containing the individual’s complete sensor information, and if he simultaneously knows a few specific dates and times that the individual traveled the metro or a bike, he can perhaps determine which of the many users in that dataset the individual is and therefore also he will know all movement information for all dates and times.
Well, coming to a conclusion about privacy while using smart wearables is not itself smart! We should always be aware and conscious of the devices we use in our everyday life. As we progress towards technological advancements it is necessary for us to improve our knowledge about their functionality and flaws. Indeed, privacy is right but also a responsibility.
References:
[1] Peppet, S. R. (2013). Regulating the Internet of Things : First Steps Toward Managing Discrimination , Privacy , Security , and Consent.
[2] Dr. Humayun Zafar, Andry Green, Herbert J. Mattord, Michael Whitman, Cybersecurity and the Internet of Things, University System of Georgia
Author: Mohammad Usman Rais
Cyber Security Intern
Securium Solutions Pvt. Ltd.
